> >> Wondering how to log packets blocked and accepted by the Qubes firewall
> >> for a specific VM, or for all VMs if that's the only option? Couldn't find
> >> anything on the website, on Google or in qvm-firewall.

> > Unfortunately, the Qubes firewall was not designed for such a use case.
> > 
> > If you are familiar with iptables (and nftables too), you may be
> > able to work around this limitation. But it is really not trivial to achieve.

So, logging is done via the -j LOG target, like this (with the same match 
rules as the rule that takes the actual action):
   # Log the packet first, using the same match (-p tcp) as the DNAT rule
   # that follows. LOG is non-terminating, so the packet continues to the
   # next rule in the chain and is then DNATed.
   iptables -t nat -A SSH2 -p tcp -j LOG --log-prefix "DNAT SSH2-tunnel: "
   iptables -t nat -A SSH2 -p tcp -j DNAT --to-destination 10.137.2.11:22

For blocked packets you should add a LOG entry before the DROP statements. You 
should review all chains and tables. Add your changes to 
sys-firewall:/rw/config/qubes-firewall-user-script. Be careful when 
inserting/adding rules, as Qubes changes the tables dynamically.

By default, LOG uses the systemd log, but it is configurable.
Your question is not related to Qubes; it is a general iptables question.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a9399c1d-d316-48fb-af62-4832d60db84a%40googlegroups.com.
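The procedure the reply describes (put a LOG rule with the same match in front of every DROP, review each chain, and apply it from the user script) as an added worked example. This is not code from the original post or from the Qubes project. It assumes the iptables-save syntax that `iptables -t TABLE -S CHAIN` prints; the table `filter`, the chain `FORWARD`, the `vif+` interface pattern, the addresses and the sample rules are constructed for illustration and are not captured from a real system. Substitute the tables and chains you find while reviewing them.

```shell
#!/bin/sh
# Added example, not from the original post or the Qubes project.
#
# log_rules_for_chain TABLE CHAIN
#   Reads one chain's rules in iptables-save syntax ("iptables -t TABLE -S CHAIN")
#   on stdin and prints an "iptables -t TABLE -I CHAIN N <matches> -j LOG" command
#   for every DROP/REJECT rule, copying that rule's match fields, so the LOG rule
#   lands directly in front of the rule that blocks the packet. If the chain's
#   default policy is DROP, a catch-all LOG is appended so packets that fall off
#   the end of the chain are logged as well.
#
#   Inserts are printed last-to-first so earlier insertions do not shift the
#   positions of rules still to be shadowed. --log-prefix is limited to 29
#   characters, so prefixes are truncated. Quoted matches such as
#   -m comment --comment "a b" are split on whitespace and re-joined with single
#   spaces, so only runs of spaces inside them change.
log_rules_for_chain() {
    table=$1
    chain=$2
    awk -v table="$table" -v chain="$chain" '
        $1 == "-P" && $2 == chain && $3 == "DROP" { policy_drop = 1 }
        $1 == "-A" && $2 == chain {
            n++
            tgt = ""
            for (i = 3; i <= NF; i++) if ($i == "-j") { tgt = $(i + 1); break }
            if (tgt != "DROP" && tgt != "REJECT") next
            matches = ""
            for (k = 3; k < i; k++) matches = matches $k " "   # everything before -j
            prefix = substr(chain "-" tgt ": ", 1, 29)
            cmd[n] = "iptables -t " table " -I " chain " " n " " matches "-j LOG --log-prefix \"" prefix "\""
        }
        END {
            for (j = n; j >= 1; j--) if (j in cmd) print cmd[j]
            if (policy_drop)
                print "iptables -t " table " -A " chain " -j LOG --log-prefix \"" substr(chain "-policy-DROP: ", 1, 29) "\""
        }
    '
}

# apply_logging TABLE CHAIN
#   Generates the commands against the live chain and executes them. Must run as
#   root inside the firewall VM, e.g. from /rw/config/qubes-firewall-user-script
#   (path from the post). The post warns that Qubes rewrites its tables
#   dynamically, so rules inserted into chains Qubes regenerates can disappear
#   again: re-run after changes, or only touch chains that persist.
apply_logging() {
    iptables -t "$1" -S "$2" | log_rules_for_chain "$1" "$2" | sh -e
}

# Constructed sample of "iptables -t filter -S FORWARD" output (not from a real
# system): a default DROP policy, one explicit DROP, two ACCEPTs and one REJECT.
SAMPLE_RULES='-P FORWARD DROP
-A FORWARD -i vif+ -o vif+ -j DROP
-A FORWARD -d 10.137.2.11/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.137.2.5/32 -p tcp -m tcp --dport 25 -j REJECT --reject-with icmp-port-unreachable'

# Dry run on the sample: prints the iptables commands instead of executing them.
printf '%s\n' "$SAMPLE_RULES" | log_rules_for_chain filter FORWARD
```

The dry run emits an insert at position 4 (in front of the REJECT), then one at position 1 (in front of the DROP), then the appended catch-all for the DROP policy. Pipe the same output through `sh -e` via `apply_logging`, as root, once the generated commands look right; the ACCEPT rules are deliberately left alone, and the post's DNAT example covers logging accepted traffic with the same pattern.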